Skip to content

Loading…

missing "attr_accessible :slug" #254

Closed
mixellent opened this Issue · 4 comments

2 participants

@mixellent

When using a dynamic and more secure attr_accessible approach (code originally by Ryan Bates) where we are blocking all undeclared attr_accessible elements (using Rails v3.1.1):

class ActiveRecord::Base
attr_accessible
attr_accessor :accessible

private

def mass_assignment_authorizer(role = :default)
if accessible == :all
self.class.protected_attributes
else
super + (accessible || [])
end
end
end

and trying to save an object using this approach, I get the following error:

ActiveRecord::Base : WARNING: Can't mass-assign protected attributes: slug

PGError: ERROR: null value in column "slug" violates not-null constraint
: INSERT INTO "friendly_id_slugs" ("created_at", "slug", "sluggable_id", "sluggable_type") VALUES ($1, $2, $3, $4) RETURNING "id"

Adding a :slug attribute in my mass_assignment_authorizer method fixes this issue, but is not elegant. How can this be fixed on a core level? I was not able to locate the specific class in the friendly_id library in order to perform such desired change.

@norman norman added a commit that referenced this issue
@norman Avoid mass-assigment
Many devs are making changes to their apps right now to eliminate mass
assigment, so this is a potential source of incompatibility. Since it's
very easy to avoid, let's just make the change so we can be more easily
compatible.

See issue #254.
0328e5e
@norman
Owner

I just pushed a small change which I think should help you, please see the notes in the commit referenced above and let me know if the change works for your app.

@mixellent

Norman, this is great! Thanks for the super quick response and fix.
I have tested it just now (using your master version) and I can confirm that it is working as expected. The note is very clear indeed.

Thanks again for this!

@mixellent mixellent closed this
@norman
Owner

Awesome, glad I could help. Thanks for confirming the fix. I'll push this out in a new version soon, probably before the end of the week and possibly as soon as today.

@mixellent

much appreciated, for now I will just use the master repo :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.